Makussu/bunkerweb
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

performance - move external blacklists checks from nginx to LUA

Browse Source
This commit is contained in:
bunkerity
2021-05-10 17:51:07 +02:00
parent 009d6fb5ae
commit fd61df205f
14 changed files with 141 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
scripts/abusers.sh
View File

@@ -4,12 +4,11 @@
. /opt/entrypoint/utils.sh
# copy old conf to cache
cp /etc/nginx/block-abusers.conf /cache
cp /etc/nginx/abusers.list /cache
# generate the new conf
curl -s "https://iplists.firehol.org/files/firehol_abusers_30d.netset" | \
grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/?[0-9]*$" | \
sed 's/^/deny /;s/$/;/' > /tmp/block-abusers.conf
grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/?[0-9]*$" > /tmp/abusers.list
# if we are running nginx
if [ -f /tmp/nginx.pid ] ; then
@@ -20,28 +19,28 @@ elif [ -S /tmp/autoconf.sock ] ; then
fi
# check if we have at least 1 line
lines="$(wc -l /tmp/block-abusers.conf | cut -d ' ' -f 1)"
lines="$(wc -l /tmp/abusers.list | cut -d ' ' -f 1)"
if [ "$lines" -gt 1 ] ; then
job_log "[BLACKLIST] abusers list updated ($lines entries)"
# reload nginx with the new config
mv /tmp/block-abusers.conf /etc/nginx/block-abusers.conf
mv /tmp/abusers.list /etc/nginx/abusers.list
if [ "$RELOAD" != "" ] ; then
$RELOAD > /dev/null 2>&1
# new config is ok : save it in the cache
if [ "$?" -eq 0 ] ; then
cp /etc/nginx/block-abusers.conf /cache
cp /etc/nginx/abusers.list /cache
job_log "[NGINX] successfull nginx reload after abusers list update"
else
job_log "[NGINX] failed nginx reload after abusers list update fallback to old list"
cp /cache/block-abusers.conf /etc/nginx
cp /cache/abusers.list /etc/nginx
$RELOAD > /dev/null 2>&1
fi
else
cp /etc/nginx/block-abusers.conf /cache
cp /etc/nginx/abusers.list /cache
fi
else
job_log "[BLACKLIST] can't update abusers list"
fi
rm -f /tmp/block-abusers.conf 2> /dev/null
rm -f /tmp/abusers.list 2> /dev/null

18
scripts/exit-nodes.sh
View File

@@ -4,12 +4,11 @@
. /opt/entrypoint/utils.sh
# copy old conf to cache
cp /etc/nginx/block-tor-exit-node.conf /cache
cp /etc/nginx/tor-exit-nodes.list /cache
# generate the new conf
curl -s "https://iplists.firehol.org/files/tor_exits.ipset" | \
grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/?[0-9]*$" | \
sed 's/^/deny /;s/$/;/' > /tmp/block-tor-exit-node.conf
grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/?[0-9]*$" > /tmp/tor-exit-nodes.list
# if we are running nginx
if [ -f /tmp/nginx.pid ] ; then
@@ -20,28 +19,27 @@ elif [ -S /tmp/autoconf.sock ] ; then
fi
# check if we have at least 1 line
lines="$(wc -l /tmp/block-tor-exit-node.conf | cut -d ' ' -f 1)"
lines="$(wc -l /tmp/tor-exit-nodes.list | cut -d ' ' -f 1)"
if [ "$lines" -gt 1 ] ; then
job_log "[BLACKLIST] TOR exit node list updated ($lines entries)"
# reload nginx with the new config
mv /tmp/block-tor-exit-node.conf /etc/nginx/block-tor-exit-node.conf
mv /tmp/tor-exit-nodes.list /etc/nginx/tor-exit-nodes.list
if [ "$RELOAD" != "" ] ; then
$RELOAD > /dev/null 2>&1
# new config is ok : save it in the cache
if [ "$?" -eq 0 ] ; then
cp /etc/nginx/block-tor-exit-node.conf /cache
cp /etc/nginx/tor-exit-nodes.list /cache
job_log "[NGINX] successfull nginx reload after TOR exit node list update"
else
job_log "[NGINX] failed nginx reload after TOR exit node list update fallback to old list"
cp /cache/block-tor-exit-node.conf /etc/nginx
cp /cache/tor-exit-nodes.list /etc/nginx
$RELOAD > /dev/null 2>&1
fi
else
cp /etc/nginx/block-tor-exit-node.conf /cache
cp /etc/nginx/tor-exit-nodes.list /cache
fi
else
job_log "[BLACKLIST] can't update TOR exit node list"
fi
rm -f /tmp/block-tor-exit-node.conf 2> /dev/null
rm -f /tmp/tor-exit-nodes.list 2> /dev/null

17
scripts/proxies.sh
View File

@@ -4,12 +4,11 @@
. /opt/entrypoint/utils.sh
# copy old conf to cache
cp /etc/nginx/block-proxies.conf /cache
cp /etc/nginx/proxies.list /cache
# generate the new conf
curl -s "https://iplists.firehol.org/files/firehol_proxies.netset" | \
grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/?[0-9]*$" | \
sed 's/^/deny /;s/$/;/' > /tmp/block-proxies.conf
grep -E "^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}/?[0-9]*$" > /tmp/proxies.list
# if we are running nginx
if [ -f /tmp/nginx.pid ] ; then
@@ -20,28 +19,28 @@ elif [ -S /tmp/autoconf.sock ] ; then
fi
# check if we have at least 1 line
lines="$(wc -l /tmp/block-proxies.conf | cut -d ' ' -f 1)"
lines="$(wc -l /tmp/proxies.list | cut -d ' ' -f 1)"
if [ "$lines" -gt 1 ] ; then
job_log "[BLACKLIST] proxies list updated ($lines entries)"
# reload nginx with the new config
mv /tmp/block-proxies.conf /etc/nginx/block-proxies.conf
mv /tmp/proxies.list /etc/nginx/proxies.list
if [ "$RELOAD" != "" ] ; then
$RELOAD > /dev/null 2>&1
# new config is ok : save it in the cache
if [ "$?" -eq 0 ] ; then
cp /etc/nginx/block-proxies.conf /cache
cp /etc/nginx/proxies.list /cache
job_log "[NGINX] successfull nginx reload after proxies list update"
else
job_log "[NGINX] failed nginx reload after proxies list update fallback to old list"
cp /cache/block-proxies.conf /etc/nginx
cp /cache/proxies.list /etc/nginx
$RELOAD > /dev/null 2>&1
fi
else
cp /etc/nginx/block-proxies.conf /cache
cp /etc/nginx/proxies.list /cache
fi
else
job_log "[BLACKLIST] can't update proxies list"
fi
rm -f /tmp/block-proxies.conf 2> /dev/null
rm -f /tmp/proxies.list 2> /dev/null